Today, the FCC issued another sharply divided partisan 3-2 decision, this time on privacy rules that apply solely to ISPs. For over two decades, ISPs and all other internet companies have operated under the FTC’s privacy regime and, during that time, the internet thrived, consumer privacy was protected, and ISPs handled consumer data responsibly.
Although no consumer harms have been cited and nothing has changed in the way consumers expect their data to be used, the FCC’s original proposed rules on broadband privacy were a radical departure from the Obama Administration’s and the FTC’s call for a technology-neutral privacy approach for all participants in the internet ecosystem.
While the FCC’s final rules moved in the right direction toward consistency with the FTC’s privacy framework, which a wide range of commenters – including the FTC itself – strongly supported, they unfortunately fell short in certain key respects. They departed significantly from the FTC’s sensible sensitivity-based approach for the use of web browsing and apps usage data, and flatly ignored the FTC’s and Administration’s approach of encouraging companies to inform their customers of new and discounted services with few regulatory burdens. This just doesn’t make sense when 94% of people say they want a single privacy regime for all internet companies. And the Commission’s insistence that stricter regulations are justified for ISPs flies in the face of the technical realities, as Commissioners Pai and O’Rielly articulate so well in their dissents.
These are very technical issues, and we will need to review the Order to understand the full details. And time will tell its full implications. What is so disappointing is that this could have been a moment for the Commission to come together and make sensible bipartisan policy. But once again a divided FCC chose a path that unfortunately will likely do more harm than good for consumers, competition, and innovation in the all-important internet ecosystem.